Assembly programming for the reverse engineer

Description

Assembly programming is such a large subject in itself. Mix in some reverse engineering and you essentially end up with a whole field. No matter what tool you’re using and no matter what your experience level, software reverse engineering of native binaries, most of the time, comes down to what the underlying assembly code is trying to do. To that extent, we strongly believe that, in order to become a proficient software reverse engineer, one has to learn about assembly programming. Not because writing assembly code has any importance or because it’s cool. We think learning how to write assembly is important because reading code is already a hard thing.

How can you efficiently read code in a language you don’t know?
How can you quickly learn a language without writing code in that language?

So what is this training about?

Assembly programming for the reverse engineer is about learning how to write assembly. On top of this, it’s also learning how the computer works in order to understand generated blocks of code and how the operating system deals with the user and the machine. In order to acquire the required skills, participants will go through multiple programming and reverse engineering exercises.
The training will conclude with a short challenge that will involve both programming and reverse engineering. What architecture will we be using? Who knows? After all, when reversing a random binary, one does not choose the architecture the original programmer wrote the binary for. However, you can safely expect that various architectures will be used as part of this training.

Registration

Syllabus

Topics that will be covered in the class include:

Intel x86 and x64 architecture

Registers

Execution modes

Privilege level (introduction only)

Memory management facilities (introduction only)

Interrupt management facilities (introduction only)

X86 assembly programming

Use of NASM in assembly programming

Basic instructions as well as floating-point operations

X64 assembly programming

Differences between x86 and x64

ARM assembly programming

Use of GAS in assembly programming

Registers

Basic instructions

Relationship between high level code and assembly code

General code construct analysis in assembly language

C++ code analysis in assembly language

Data structure analysis in assembly language

Assembly level debugging and data inspection

General use of reverse engineering tools

Trick bag

Various tricks to make the SRE process faster, scattered throughout the training

At the end of the training, it is expected that all participants should be able to perform assembly code level analysis of an intermediate degree of difficulty, as well as explain precisely how code written in a high-level language would show up in assembly code.

Included with the training

Badge for the conferences on November 3 and 4

Lunch on the 3 days of training (October 31 & November 1-2)

Coffee break

Schedule

9h00 to 16h00 each day

Suggested reading

To be announced

Class requirement

To be announced

Prerequisites

Anyone who wishes to be part of this training should fulfill the following prerequisite: